ZAP -> OWASP Benchmark: LDAP no scan results


Jaden V

Apr 20, 2026, 3:37:17 AM
to ZAP User Group
Good day, I'm new to ZAP and have checked / researched how the scan should be done,
but for some reason ZAP is unable to detect most of the vulnerabilities on my end.
For LDAP Injection I have already added Active Scanner Rules (alpha) but am still not able to detect a single LDAP vulnerability, even though we did per-link scanning using 3 different machines. We tried Spider / Ajax Spider, manual exploring, and re-crawling with the spiders, but still no.
Can anyone tell if we are still missing something?

Additionally, we have low detection for other categories as well. We only have one 100% detection in Benchmark, which is the Insecure category.

Jaden V

Apr 20, 2026, 3:54:24 AM
to ZAP User Group
Sorry,
I meant the Insecure Cookie category. The Insecure Cookie I mentioned is when we did a manual check of each link, and were able to detect all vulnerabilities based on Benchmark's expectedresults-1.2.csv. In the scorecard that OWASP Benchmark created, it doesn't state 100% though, probably because the scorecard will not trigger it if the risk level tagged by ZAP is low. However, via manual detection and CWE ID comparison, we concluded that ZAP is able to detect all vulnerabilities regarding the insecure cookie category presented by OWASP Benchmark.
Additionally, here is the result from Benchmark's createScorecards.sh Scorecard evaluation.
Benchmark_v1.2_Scorecard_for_OWASP_ZAP_v2.17.0.png
